Fix #97

Author: danielfett

A04_attacks-and-mitigations.md

@@ -106,7 +106,7 @@ The attack described above works for the implicit grant as well. If
 the attacker is able to send the authorization response to an attacker-controlled URI, the attacker will directly get access to the fragment carrying the
 access token.
 
-Additionally, implicit clients can be subject to a further kind of
+Additionally, implicit grants (and also other grants when using `response_mode=fragment` as defined in [@OpenID.MRT]) can be subject to a further kind of
 attack. It utilizes the fact that user agents re-attach fragments to
 the destination URL of a redirect if the location header does not
 contain a fragment (see [@!RFC9110], Section 17.11). The attack

B_references.md

@@ -53,7 +53,24 @@
   </front>
 </reference>
 
-
+<reference anchor="OpenID.MRT" target="https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html">
+  <front>
+    <title>OAuth 2.0 Multiple Response Type Encoding Practices</title>
+    <author initials="B." surname="de Medeiros" fullname="Breno de Medeiros">
+      <organization>Google</organization>
+    </author>
+    <author initials="M." surname="Scurtescu" fullname="Mihai Scurtescu">
+      <organization>Google</organization>
+    </author>
+    <author initals="P." surname="Tarjan" fullname="Peter Tarjan">
+      <organization>Facebook</organization>
+    </author>
+    <author initials="M." surname="Jones" fullname="Mike Jones">
+      <organization>Microsoft</organization>
+    </author>
+    <date day="25" month="Feb" year="2014"/>
+  </front>
+</reference>
 
 <reference anchor="owasp.redir" target="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">
   <front>